I am currently working on a project planning software that “tries” to utilize Java Webstart as its deployment method. Nowadays it is common practice that login dialogs also allow new users to register with the application and existing users to retrieve their password if they forgot it. When I was trying to implement these features I ran into all kinds of issues and finally gave up.
The problem is that login dialogs for webstart applications are stupid. They are not aware of the context in which they are running. All they “know” is that they were shown to the user as a result of a callback from the server. The callback is asking for a user name and a password. This is fine for a simple standard login, but not for an advanced one. How can a new user be created on the server without some kind of connection to the server? Especially if the server is not even known, which is the case when running the webstart client inside an application client container (ACC). The whole idea behind the ACC is to provide injection capabilities, hence freeing the application developer from configuring the initial context.
The following screenshot shows the standard login screen. When the user clicks on the “Login” button the callback object will be populated with the user name and password. The application then simply continues if the login was successful. Another issue I had here was that I could not find out wether the login failed or not.